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Claims 



The claimed invention is: 

1. A method for providing multi-user file storage comprising the steps of; 

(a) enabling each user of a pre-subscribed user group of one or more users to operate 
an arbitrary client node at an arbitrary geographic location to communicate with a remote file 
server node via a wide area network, 

(b) enabling each user of the pre-subscribed user group to access the files of the file 
group via the respective client node in communication with the remote file server node via the 
wide area network, including permitting more than one user of the pre-subscribed user group to 
access the file group at the remote file server node simultaneously, and 

(c) maintaining the integrity of the files at the remote file server node by controlling 
each access to each of the files at the remote file server node so that each access to each the files 
at the remote file server is performed, if at all, on a respective portion of the respective file as 
most recently updated at the remote file server node, thereby enabling all native operating system 
application programming interfaces to operate so that all multi-user applications accessing the 
files function as if the remote server, which stores the files, and client nodes, at which such 
multi-user applications execute, were on the same local area network. 

2. The method of claim 1 further comprising the step of: 

(d) while a particular client node is in communication v^th the remote file server 
node, selectively downloading firom the remote file server node to the particular client node via 
the wide area network a copy of at least a most recently updated portion of a particular file to be 
accessed by the particular client node and which the particular client node lacks, wherein at all 
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times, each client node in communication with the remote file server node adheres to explicit and 
implicit file sharing modes specified by the native file application programming interfaces. 

3. The method of claim 2 fiirther comprising the steps of: 
5 (e) if the particular client node modifies the particular file v/hile the particular client 

node is in communication with the remote file server node via the wide area network, uploading 
from the particular client node information for updating the copy of the particular file stored at 
the remote file server node for effecting the modifications to the particular file. 

103 4. The method of claim 3 fiirther comprising the step of effecting the modifications by storing an 
incremental change to the copy of the particular file on the remote file server node. 

Li J 

m 

5. The method of claim 3 fiirther comprising the step of effecting the modifications by 

f "~ over-writing at the remote file server node the current copy of the particular file v^th a copy of 
W the particular file as updated by the modifications. 

6. The method of claim 3 fiirther comprising the step of: 

(f) if a hoarding client node in communication with the remote file server node has 
indicated that it desires to hoard the particular file, then automatically downloading from the 
20 remote file server node to the hoarding client node the information for updating the copy of the 
particular file in response to the particular client node uploading the information for updating the 
copy of the particular file stored at the remote file server. 
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7. The method of claim 2 further comprising the steps of: 

(e) if the particular client node closes its commimication channel with the remote file 
server node before closing the particular file then relinquishing the particular file at the remote 
file server node and enabling other client nodes in communication v^th the remote file server via 
the wide area network to access the particular file. 

8. The method of claim 2 further comprising the steps of: 

(e) closing the communication channel between the particular client node and the 
remote file server node; and 

(f) enabling the particular client node to access the dovraloaded copy of the particular 
file while out of communication with the remote file server node. 

9. The method of claim 8 further comprising the step of: 

(g) if the particular client node modifies the downloaded copy of the particular file 
while out of commxmication with the remote file server node, then selectively enabling or 
preventing the updating of the copy of the particular file on the remote file server node according 
to modification information transparently and automatically uploaded from the particular client 
node when the particular client node re-establishes communication with the remote file server 
node via the wide area network, depending on the current modification status of the copy of the 
particular file at the remote file server node. 

10. The method of claim 9 further comprising the steps of: 
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(h) selectively placing in a conflict bin associated only with, and maintained at, the 
particular client node information that depends on either: 

(I) modifications to the downloaded copy of the particular file, made by the 
client node while out of commimication with the remote file server node; or 

(II) modifications to the copy of the particular file at the remote file server 
node, made while the client node was out of communication with the remote file server node, 

depending on the type of the modifications to the downloaded copy and the type 
of the modifications to the copy at the remote file server node. 

1 1 . The method of claim 2 fiirther comprising the step of: 

(e) in response to determining that another client node has modified the particular file 
at the remote file server node, after the particular client node has downloaded the copy of the 
particular file, selectively invalidating the downloaded copy of the particular file at the particular 
client node, depending on the modification status of the copy of the particular file at the remote 
file server node. 

12. The method of claim 1 1 fiirther comprising the step of: 

(f) downloading fi"om the remote file server node to the particular client node the 
valid copy of the file as modified by the other client node and enabling access by the particular 
client node to the valid downloaded copy of the particular file in lieu of the invalid downloaded 
copy of the particular file. 



13, The method of claim 1 1 fiirther comprising the steps of: 
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(f) prior to step (e), closing the communication channel between the particular client 
node and the remote file server node, and 

(g) prior to step (e), re-establishing communication between the particular client node 
and the remote file server node. 

14. The method of claim 1 further comprising the step of: 

(d) transparently to, and v^thout specific action of, one of the users of a first client 
node in communication with the remote file server node via the wide area network, dovmloading 
fi-om the remote file server node via the wide area network to the first client node modifications 
to a copy of a particular file maintained at the remote file server node, wherein the modifications 
were made by another client node. 

15. The method of claim 1 further comprising the step of: 

(d) providing an interface for adapting file access at a particular client node by 
designating at the particular client node each one or more of the accessible files of the file group 
as stored on a virtual storage device, and enabling access to the designated files in a fashion 
which is indistinguishable, by users of, and applications executing at, the first client node, vsdth 
access to one or more files stored on a physical storage device that is locally present at the first 
client node. 

16. The method of claim 15 further comprising the steps of: 

(e) storing on a storage device which is physically present locally to the particular 
client node a copy of each one or more of the designated accessible files, 
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(f) if a user of, or an application executing at, the first client node, attempts to access 
a designated accessible file then: 

(I) accessing the valid copy of the designated accessible file stored in the 
locally physically present storage device, if a valid copy of the designated accessible file, for 
which access is attempted, is stored at the locally physically present storage device, and 

(II) downloading firom the remote file server node to the particular client node 
via the wide area network, a copy of the designated accessible file and performing the access on 
the downloaded copy, if no valid copy of the designated accessible file, for which access is 
attempted, is stored at the locally physically present storage device. 

17. The method of claim 2 fiirther comprising the step of: 

(e) preventing another client node from contemporaneously accessing a copy of the 
particular file according to a file sharing access mode which is incompatible to the file sharing 
access modes currently available to the particular client node for accessing the particular file. 

18. The method of claim 1 fiirther comprising the step of: 

(d) depending on the granularity of file sharing to which applications, executing on a 
group of two or more client nodes, adhere, permitting applications of each client node of the 
group to simultaneously access the same one of the files. 

19. The method of claim 18 wherein certain files are not accessed directly by each client node, 
the method fiirther comprising the step of: 
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(e) enabling each client to contemporaneously indirectly access such certain files 
through an intermediary node which performs each such access directly on behalf of the client 
nodes. 

20. The method of claim 1 further comprising the steps of: 

(d) transmitting a message to an internet email address of a user inviting the user to 
join the pre-subscribed user group, and 

(e) using the information in the message, issuing a request to join the pre-subscribed 
user group from a client node operated by the user. 

21. The method of claim 20 wherein in the step of using the information in the message, the 
message being usable only once to join the pre-subscribed user group. 

22. The method of claim 1 further comprising the step of: 

(d) authenticating a connection between a particular client node and the remote file 
server node so that the particular client node verifies the identity of the remote server node, and 
the remote server node verifies the identity of the user of the particular client node. 

23. The method of claim 22 further comprising the step of: 

(e) encrypting data of a file at the particular client node using an encryption 
methodology known to the client node but not known to the remote file server node, 

(f) uploading the encrypted data to the remote file server node, and 

(g) storing the encrypted file data at the remote file server node. 
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24. The method of claim 23 further comprising the steps of: 

(h) encrypting the file at the particular client node using a data key known only to the 
client node, 

(i) encrypting the data key using a public key, 

0) transmitting the encrypted data key to the remote file server node, and 
(k) storing the encrypted data key at the remote file server node, wherein the remote 
file server node lacks the private key necessary to decrypt the data key. 

25. The method of claim 24 further comprising the steps of: 

(1) encrypting the data key at the particular client node using a second public key 

associated with another user of the pre-subscribed user group, 

(m) transmittmg the second encrypted data key to the remote file server node, and 
(n) storing the second encrypted data key at the remote file server node, wherein both 

the particular client node and the remote file server node lack the private key necessary to deciypt 

the data key. 



26. The method of claim 23 further comprising the steps of: 

(h) at the remote file server node, retrieving fi-om storage the encrypted data of a 
_particular-file, ... 

(i) transmitting the encrypted data to a specific client node, 

0) using a deciyption methodology known to the specific client node but not known 
at the remote file server node, decrypting the data. 
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27. The method of claim 22 further comprismg the steps of: 

(e) receiving at the remote file server node, a request from a specific client node to 
access a particular file, 

(f) determining at the remote file server node whether or not the particular access 
requested by the specific cHent node is permitted by privilege access rights associated with the 
particular file, and 

(g) only permitting the access to the particular file by the specific client node if 
permitted by the privilege access rights associated with the particular file. 

28. The method of claim 1 fiirther comprising the steps of: 

(d) receiving at the remote file server node, a request from a specific client node to 
access a particular file, 

(e) determining at the remote file server node whether or not the particular access 
requested by the specific client node is permitted by privilege access rights associated with the 
particular file, and 

(f) only permitting the access to the particular file by the specific client node if 
permitted by the privilege access rights associated with the particular file. 

- -29.. -The method-of-cldm-l-furfeer-eGmprisiiig-the-steps-of:- 

(d) transferring an encrypted key from the remote file server node to a particular 
client nodes via a secure channel, the key being encrypted using an encryption fimction not 
known locally at the remote file server node, 

(e) decrypting the transferred key at the particular client node, and 
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(f) using the key at the particular cUent node to decrypt information of a file 
downloaded from the remote file server node or to encrypt information of a file prior to 
uploading for storage at the remote file server node. 



30. The method of claim 29 fiirther comprising the step of: 

(g) compressing the information of the file prior to uploading the file or 
decompressing the information of the file subsequent to downloading the file. 

31. The method of claim 1 fiuther comprising the step of: 

(d) compressing the information of the file prior to uploading the file or 
decompressing the information of the file subsequent to downloading the file. 

32. The method of claim I fiirther comprising the steps of: 

(d) enabling each user of another pre-subscribed user group of one or more users to 
access another group of files via a respective client node in communication with the remote 
server node via the wide area network, wherein each pre-subscribed user group includes a 
different subset of users but also have at least one particular user in common, 

wherein the particular user is able to contemporaneously access files in each group. 

33. The method of claim 1 further comprising the step of: 

(d) enabling the users to access one or more of the files at one or more additional file 
server nodes. 



-82- 



34. The method of claim 33 wherein a particular client node is capable of communicating with 
the additional file server nodes remotely via a wide area network, the method further comprising 
the step of: 

(e) the particular client node accessing a copy of a particular file on one of the remote 
file server node or a particular additional file server node which is most efficient for the 
particular client node. 

35. The method of claim 33 wherein a particular client node is capable of communicating with at 
least a particular additional file server node via a local area network, the method further 
comprising the step of: 

(e) the particular client node accessing a copy of a particular file at the particular 
additional file server node via the local area network. 

36. A method for providing mxilti-user file storage comprising the steps of: 

(a) enabling each user of a pre-subscribed user group of one or more users operating 
an arbitrary client node at an arbitrary geographic location to communicate with said remote file 
server node via a wide area network, 

(b) enabling each user of the pre-subscribed user group to access the files of the file 
.gr.aupjvia_the_re^ectivexlient-node-ia-commuaieatioH-with-fee-remote-fite - 
wide area network, including permitting more than one user of the pre-subscribed user group to 
access the file group at the remote file server node simultaneously, and 

(c) providing an interface for adapting file access at a particular client node by 
designating at the particular client node each accessible file of the file group as stored on a virtual 
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storage device, and enabling access to the designated files in a fashion which is indistinguishable, 
by users of, and applications executing at, the particular client node, with access to one or more 
files stored on a physical storage device that is locally present at the particular client node. 



37. The metfiod of claim 36 further comprising the steps of: 

(d) storing on a storage device which is physically present locally to the particular 
client node a copy of one or more of the designated files, 

(e) if a user of, or an application executing at, the particular client node, attempts to 
access a designated accessible file then: 

(I) accessing the valid copy of the designated file stored in the locally 
physically present storage device, if a valid copy of the designated file, for which access is 
attempted, is stored at the locally physically present storage device, and 

(II) downloading fi-om the remote file server node to the particular client node 
via the wide area network, a copy of the designated file and performing the access on the 
downloaded copy, if no valid copy of the designated file, for which access is attempted, is stored 
at the locally physically present storage device. 

38. The method of claim 37 fiirther comprising the step of: 

(f) preventing another client node fi-om contemporaneously accessing a copy of the 
particular file according to a file sharing access mode which is incompatible to the file sharing 
access modes currently available to the particular client node for accessing the particular file. 



39. The method of claim 38 fiuther comprising the step of: 
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(g) depending on the granularity of file sharing to which applications, executing < 
group of two or more client nodes, adhere, permitting applications of each client node of the 
group to simultaneously access the same file. 



40. The method of claim 39 wherein certain files are not accessed directly by each client node, 
the method further comprising the step of: 

(h) enabling each client to contemporaneously indirectly access such certain files 
through an intermediary node which performs each such access directly on behalf of the client 
nodes. 

41. The method of claim 38 further comprising the steps of: 

(g) transmitting a message to an internet email address of a user inviting the user to 
join the pre-subscribed user group, and 

(h) using the information in the message, issuing a request to join the pre-subscribed 
user group fi-om a client node operated by the user. 

42. The method of claim 41 wherein in the step of using the information in the message, the 
' message being usable only once to join the pre-subscribed user group. 

43. The method of claim 36 further comprising the step of: 

(d) authenticating a connection between a particular client node and the remote file 
server node so that the particular client node verifies the identity of the remote server node, and 
the remote server node verifies the identity of the user of the particular client node. 
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44. The method of claim 43 further comprising the step of: 

(e) encrypting data of a file at the particular client node using an encryption 
methodology known to the client node but not known to the remote file server node, 

(f) uploading the encrypted data to the remote file server node, and 

(g) storing the encrypted file data at the remote file server node. 

45. The method of claim 44 further comprising the steps of: 

(h) encrypting the file at the particular client node using a data key known only to the 
client node, 

(i) encrypting the data key using a public key, 

0) transmitting the encrypted data key to the remote file server node, and 
(k) storing the encrypted data key at the remote file server node, wherein the remote 
file server node lacks the private key necessary to decrypt the data key. 

46. The method of claim 45 fiirther comprising the steps of: 

(1) encrypting the data key at the particular client node using a second public key 

associated with another user of the pre-subscribed user group, 

(m) transmitting the second encrypted data key to the remote file server node, and 
(n) storing the second encrypted data key at the remote file server node, wherein both 



the particular client node and the remote file server node lack the private key necessary to decrypt 
the data key. 



'. The method of claim 43 further comprising the steps of: 
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(e) at the remote file server node, retrieving from storage the encrypted data of a 
particular file, 

(f) transmitting the encrypted data to a specific client node, and 

(g) using a decryption methodology known to the specific client node but not known 
at the remote file server node, decrypting the data. 

48. The method of claim 43 further comprising the steps of: 

(e) receiving at the remote file server node, a request from a specific client node to 
access a particular file, 

(f) determining at the remote file server node whether or not the particular access 
requested by the specific client node is permitted by privilege access rights associated with the 
particular file, and 

(g) only permitting the access to the particular file by the specific client node if 
permitted by the privilege access rights associated with the particular file. 

49. The method of claim 36 further comprising the steps of: 

(d) receiving at the remote file server node, a request from a specific client node to 
access a particular file, 

(e) detenBiniag-at- theremote -fik-server-node-v^teaier-or notifae-partiaiiar-acge's^^ ■ 

requested by the specific client node is permitted by privilege access rights associated with the 
particular file, and 

(f) only permitting the access to the particular file by the specific client node if 
permitted by the privilege access rights associated with the particular file. 
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50. The method of claim 36 further comprising the steps of: 

(d) transferring an encrypted key from the remote file server node to a particular 
client nodes via a secure channel, the key being encrypted using an encryption function not 
known locally at the remote file server node, 

(e) decrypting the transferred key at the particular client node, and 

(f) using the key at the particular client node to decrypt information of a file 
downloaded from the remote file server node or to encrypt information of a file prior to 
uploading for storage at the remote file server node. 

51. The method of claim 50 further comprising the step of: 

(g) compressing the information of the file prior to uploading the file or 
decompressing the information of the file subsequent to downloading the file. 

52. The method of claim 36 fijrther comprising the step of: 

(d) compressing the information of the file prior to uploading the file or 
decompressing the information of the file subsequent to downloading the file. 

53. The method of claim 36 further comprising the steps of: 

(d) enabling each user^of another-^^subscribed user groupnof one or more users to 
access another group of files via a respective client node in communication with the remote 
server node via the wide area network, wherein each pre-subscribed user group includes a 
dififerent subset of users but also have at least one particular user in common, 

wherein the particular user is able to contemporaneously access files in each group. 
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54. The method of claim 36 further comprising the step of: 

(d) enabling the users to access one or more of the files at one or more additional file 
server nodes. 

55. The method of claim 54 wherein a particular client node is capable of communicating with 
the additional file server nodes remotely via a wide area network, the method further comprising 
the step of: 

(e) the particular client node accessing a copy of a particular file on one of the remote 
file server node or a particular additional file server node which is most efficient for the 
particular client node. 

56. The method of claim 54 wherem a particular client node is capable of communicating with at 
least a particular additional file server node via a local area network, the method further 
comprising the step of: 

(e) the particular client node accessing a copy of a particular file at the particular 
additional file server node via the local area network. 

57. A method for providing multi-user file storage comprising the steps of: 

(a) enabling each user of a pre-subscribed user group of one or more users operating 
an arbitrary client node at an arbitrary geographic location to communicate with a remote file 
server node via a wide area network, 

(b) enabling each user of the pre-subscribed user group to access the files of the file 
group via the respective client node in communication with the remote file server node via the 
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wide area network, including permitting more than one user of the pre-subscribed user group to 
access the file group at the remote file server node simultaneously, 

(c) transferring an encrypted key from the remote file server node to a particular 
client node via a secure channel, the key being decryptable using a decryption function not 
known locally at the remote file server node, 

(d) decrypting the transferred key at the particular client node, and 

(e) using the key at the particular client node to decrypt information of a file 
downloaded from the remote file server node or to encrypt information of a file prior to 
uploading for storage at the remote file server node. 

58. The method of claim 57 fiirther comprising the step of: 

(f) compressing the mformation of the file prior to uploading the file or 
decompressing the information of the file subsequent to downloading the file. 

59. A system for providing multi-user file storage comprising: 

a remote file server node for enabling each user of a pre-subscribed user group of 
one or more users to operate an arbitrary client node at an arbitrary geographic location to 
conmiunicate with a remote file server node via a wide area network, 

— a-storage-deviee-at-fee- remote fi te-SCTver node foren abl i ng eac huseroflfae 

pre-subscribed user group to access the files of the file group via the respective client node m 
conununication with the remote file server node via the wide area network, including permitting 
more than one user of the pre-subscribed user group to access the file group at the remote file 
server node simultaneously, and 
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wherein the remote file server node is also for maintaining the integrity of the files 
at the remote file server node by controlling each access to each of the files at the remote file 
server node so that each access to each the files at the remote file server is performed, if at all, on 
a respective portion of the respective file as most recently updated at the remote file server node, 
thereby enabling all native operating system application programming interfaces to operate so 
that alljmulti-user applications accessing the files-fiinction as if the remote server, which stores 
the files, and client nodes, at which such multi-user applications execute, were on the same local 
area network. 

60. The system of claim 59 wherein the remote file server node is also configured for selectively 
downloaduig fi-om the remote file server node to fepparticular client node via the wide area 
network a copy of at least a most recently updated portion of a particular file to be accessed by 
the particular cUent node and which the particular client node lacks, while a particular client node 
is in communication with the remote file server node, wherein at all times, each client node in 
communication with the remote file server node adheres to explicit and implicit file sharing 
modes specified by the native file application progrOTaniiig interfaces. 

61. The system of claim 60 wherein the remote file server node is also configured for uploading 
-fi-om-theparticularclient node'lnfofiMtioirforupdafing the copy of the particular file stored at 

the remote file server node for effecting the modifications to the particular file, if the particular 
client node mo(^es the particular file while the particular client node is in communication with 
the remote file server node via the wide area network. 
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62. The system of claim 61 wherein the remote file server node is also configured for effecting 
the modifications by storing an incremental change to the copy of the particular file on the 
remote file server node. 

63. The system of claim 61 wherein the remote file server node is also configured for effecting 
the modifications by over-writing at the remote file server node the current copy of the particular 
file with a copy of the particular file as updated by the modifications. 

64. The system of claim 61 wherein the remote file server is also configured for automatically 
downloading from the remote file server node to a hoarding client node the information for 
updating the copy of the particular file in response to the particular client node uploading the 
information for updating the copy of the particular file stored at the remote file server, if the 
hoarding client node in communication v^th the remote file server node has indicated that it 
desires to hoard the particular file. 

65. The system of claim 60 wherein the remote file server node is also configured for 
relinquishing the particular file at the remote file server node and enabling other client nodes in 
communication v^th the remote file server via the wide area network to access the particular file, 
if the particular client node closes its communication channel with the remote file server node 
before closing the particular file. 

66. The system of claim 60 further comprising: 
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a particular client node for closing the communication channel between the 
particular client node and the remote file server node, 

wherein the remote file server node is also for enabling the particular client node 
to access the downloaded copy of the particular file while out of communication with the remote 
file server node. 

67. The system of claim 66 wherein the remote file server node is also configured for selectively 
enabling or preventing the updating of the copy of the particular file on the remote file server 
node according to modification information transparently and automatically uploaded fi:om the 
particular client node when the particular client node re-establishes communication with the 
remote file server node via the wide area network, if the particular client node modifies the 
downloaded copy of the particular file while out of communication with the remote file server 
node, depending on the current modification status of the copy of the particular file at the remote 
file server node. 

68. The system of claim 67 wherein the particular client node is also configxired for selectively 
placing in a conflict bin associated only with, and maintained at, the particular client node 
information that depends on either: 

(I) modifications to the dovraloaded copy of the particular file, made by the 
client node while out of communication with the remote file server node; or 

(II) modifications to the copy of the particular file at the remote file server 
node, made while the client node was out of communication v^th the remote file server node. 
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depending on the type of the modifications to the downloaded copy and the type 
of the modifications to the copy at the remote file server node. 

69. The system of claim 60 wherein the remote file server node is also configured for selectively 
invalidating the downloaded copy of the particular file at the particular client node, depending on 
the modification status of the copy of the particular file at the remote file server node, in response 
to determining that another client node has modified the particular file at the remote file server 
node, after the particular client node has downloaded the copy of the particular file. 

70. The system of claim 69 wherein the remote file server node is also configured for 
downloading to the particular client node the valid copy of the file as modified by the other client 
node and enabling access by the particular client node to the valid dovmloaded copy of the 
particular file in lieu of the invalid downloaded copy of the particular file. 

71 . The system of claim 69 further comprising : 

a particular client node for closing the communication chaimel between the 
particular client node and the remote file server node, and re-establishing communication 
between the particular client node and the remote file server node prior to determining whether or 
not to invalidate the downloaded copy of the file. 

72. The system of claim 59 wherein the remote file server node is also configxired for 
transparently to, and v^thout specific action of, one of the users of a first client node in 
communication vnih the remote file server node via the wide area network, downloading fi-om 
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the remote file server node via the v^de area network to the first client node modifications to a 
copy of a particular file maintained at the remote file server node, wherein the modifications 
were made by another client node. 

73. The system of claim 59 fiirther comprising: 

an interface for adapting file access at a particular client node by designating at 
the particular client node each one or more of the accessible files of the file group as stored on a 
virtual storage device, and enabling access to the designated files in a fashion which is 
indistinguishable, by users of, and applications executing at, the first client node, v^th access to 
one or more files stored on a physical storage device that is locally present at the first client node. 

74. The system of claim 73 further comprising: 

a local storage device, which is physically present locally to the first client node, 
for storing a copy of each one or more of the designated accessible files, 

wherein, if a user of, or an application executing at, the particular client node, 
attempts to access a designated accessible file then: 

(I) the local storage device accesses the valid copy of the designated 
accessible file stored in the local storage device, if a valid copy of the designated accessible file, 
for which access is attempted, is stored at the local storage device, and 

(II) the particular client node downloads fi-om the remote file server node to 
the particular client node via the wide area network, a copy of the designated accessible file and 
performing the access on the downloaded copy, if no valid copy of the designated accessible file, 
for which access is attempted, is stored at the local storage device. 
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75. The system of claim 60 fiirther comprising: 

another client node for refraining from contemporaneously accessing a copy of the 
particular file according to a file sharing access mode which is incompatible to the file sharing 
access modes currently available to the particular client node for accessing the particular file. 

76. The system of claim 59 fiirther comprising: 

a plurality of applications executing on a group of two or more client nodes which 
are permitted to simultaneously access the same file, depending on the granularity of file sharing 
to which the applications adhere. 

77. The system of claim 76 wherein certain files are not accessed directly by each client node, 
and wherein each client is enabled to contemporaneously indirectly access such certain files 
through an intermediary node which performs each such access directly on behalf of the client 
nodes. 

78. The system of claim 59 fiirther comprising: 

a manager node for transmitting a message to an Internet email address of a user 
inviting the user to join the pre-subscribed user group, and 

a client node operated by the user for issuing a request to join the pre-subscribed 
user group using the information in the message. 

79. The method of claim 78 wherein the message being usable only once to join the 
pre-subscribed user group. 
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80. The system of claim 59 further comprising: 

a particular client node, wherein both the particular client node and remote server 
node are configured for authenticating a connection between a particular client node and the 
remote file server node so that the particular client node verifies the identity of the remote server 
node, and the remote server node verifies the identity of the user of the particular client node. 

81 . The system of claim 80 wherein the client node is further configured for encrypting data of a 
file at the particular client node using an encryption methodology known to the client node but 
not known to the remote file server node, and for uploading the encrypted data to the remote file 
server node, and wherein the storage device is further configured for storing the encrypted file 
data at the remote file server node. 

82. The system of claim 81 wherein the particular client node is further configured for 
encrypting the file at the particular client node using a data key known only to the client node, for 
encrypting the data key using a public key, and for transmitting the encrypted data key to the 
remote file server node, and wherein the storage device is further configured for storing the 
encrypted data key at the remote file server node, wherein the remote file server node lacks the 
private key necessary to decrypt the data key. 

83. The system of claim 82 wherein the particular client node is further configured for 
encrypting the data key at the particular client node using a second public key associated with 
another user of the pre-subscribed user group, and for transmitting the second encrypted data key 
to the remote file server node, and wherein the storage device is further configured for storing the 
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second encrypted data key at the remote file server node, wherein both the particular client node 
and the remote file server node lack the private key necessary to decrypt the data key. 

84. The system of claim 80 wherein the storage device is further configured for retrieving the 
encrypted data of a particular file, wherein the remote file server node is further configured for 
transmitting the encrypted data to a specific client node, and wherein the specific client node uses 
a decryption methodology knovm to the specific client node but not knovra at the remote file 
server node, for decrypting the data. 

85. The system of claim 80 wherein the remote file server node is further configured for 
receiving a request from a specific client node to access a particular file, for determining whether 
or not the particular access requested by the specific client node is permitted by privilege access 
rights associated with the particular file, and for only permitting the access to the particular file 
by the specific client node if permitted by the privilege access rights associated v^th the 
particular file. 

86. The system of claim 59 wherein the remote file server node is further configured for 
receiving a request from a specific client node to access a particular file, for determining whether 
or not the particular access requested by the specific client node is permitted by privilege access 
rights associated v^th the particular file, and for only permitting the access to the particular file 
by the specific client node if permitted by the privilege access rights associated with the 
particular file. 



-98- 



87. The system of claim 59 further comprising: 

a particular client node, 

wherein the remote file server node is further configured for transferring an 
encrypted key a particular client nodes via a secure chaimel, the key being encrypted using an 
encryption function not known locally at the remote file server node, 

wherein the particular client node is configured for decrypting the transferred key 
at the particular client node, and for using the key at the particular client node to decrypt 
information of a file downloaded from the remote file server node or to encrypt information of a 
file prior to uploading for storage at the remote file server node. 

88. The system of claim 87 wherein the particular client node is further configured for 
compressing the information of the file prior to uploading the file or for decompressing the 
information of the file subsequent to dovraloading the file. 

89. The system of claim 59 further comprising: 

a particular client node for compressing the information of the file prior to 
uploading the file or for decompressing the information of the file subsequent to downloading the 
file. 

90. The system of claim 59 wherein the remote file server node is also configured for enabling 
each user of another pre-subscribed user group of one or more users to access another group of 
files via a respective client node in communication with the remote server node via the v^de area 
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network, wherein each pre-subscribed xiser group includes a different subset of users but also 
have at least one particular user in common, 

wherein the particular user is able to contemporaneously access files in each group. 

91 . The system of claim 59 further comprising: 

one or more additional file server nodes at which the users are enabled to access 
one or more of the files. 

92. The system of claim 91 further comprising: 

a particular client node capable of communicating with the additional file server 
nodes remotely via a wide area network, and configured for accessing a copy of a particular file 
on one of the remote file server node or a particular additional file server node which is most 
efficient for the particular client node. 

93. The system of claim 91 further comprising: 

a particular client node capable of communicating with at least a particular 
additional file server node via a local area network, and configured for accessing a copy of a 
particular file at the particular additional file server node via the local area network. 

94. A system for providing multi-user file storage comprising: 

a specific client node at an arbitrary geographic location, usable by a user of a 
pre-subscribed user group for communicating with a remote file server node via a wide area 
network, the remote file server enabling each user of the pre-subscribed user group to access the 
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files of the file group via the respective client node in communication with the remote file server 
node via the wide area network, including permitting more than one user of the pre-subscribed 
user group to access the file group at the remote file server node simultaneously, and 

an interface for adapting file access at the specific client node by designating at 
the specific client node each accessible file of the file group as stored on a virtual storage device, 
and enabling access to the designated files in a fashion which is indistinguishable, by users of, 
and applications executing at, the specific client node, with access to one or more files stored on 
a physical storage device that is locally present at the specific client node. 

95. The system of claim 94 further comprising: 

a local storage device, which is physically present locally to the specific client 
node, for storing a copy of each one or more of the designated accessible files, 

wherein, if a user of, or an application executing at, the specific client node, 
attempts to access a designated accessible file then: 

(I) the local storage device accesses the valid copy of the designated 
accessible file stored in the local storage device, if a valid copy of the designated accessible file, 
for which access is attempted, is stored at the local storage device, and 

(II) the specific client node downloads fi-om the remote file server node to the 
specific client node via the wide area network, a copy of the designated accessible file and 
performing the access on the downloaded copy, if no valid copy of the designated accessible file, 
for which access is attempted, is stored at the local storage device. 



96. The system of claim 94 fiirther comprising: 
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another client node for refraining from contemporaneously accessing a copy of the 
particular file according to a file sharing access mode which is incompatible to the file sharing 
access modes currently available to a particular client node for accessing the particular file. 

97. The system of claim 94 further comprising: 

a plurality of applications executing on a group of two or more client nodes which 
are permitted to simultaneously access the same file, depending on the granularity of file sharing 
to which the applications adhere. 

98. The system of claim 97 wherein certain files are not accessed directly by each client node, 
and wherein each client is enabled to contemporaneously indirectly access such certain files 
through an intermediary node which performs each such access directly on behalf of the client 
nodes. 

99. The system of claim 94 further comprising: 

a manager node for transmitting a message to an Intemet email address of a user 
inviting the user to join the pre-subscribed user group, and 

a client node operated by the user for issuing a request to join the pre-subscribed 
user group using the information in the message. 

100. The method of claim 99 wherein the message being usable only once to join the 
pre-subscribed user group. 
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101 . The system of claim 95 further comprising: 

a particular client node, wherein both the particular client node and remote server 
node are configured for authenticating a connection between a particular client node and the 
remote file server node so that the particular client node verifies the identity of the remote server 
node, and the remote server node verifies the identity of the user of the particular client node. 

102. The system of claim 101 wherein the client node is further configured for encrypting data 
of a file at the particular client node using an encryption methodology known to the client node 
but not known to the remote file server node, and for uploading the encrypted data to the remote 
file server node, and wherein the storage device is further configured for storing the encrypted 
file data at the remote file server node. 

103. The system of claim 102 wherein the particular client node is further configured for 
encrypting the file at the particular client node using a data key knovm only to the client node, for 
encrypting the data key using a public key, and for transmitting the encrypted data key to the 
remote file server node, and wherein the storage device is further configured for storing the 
encrypted data key at the remote file server node, wherein the remote file server node lacks the 
private key necessary to decrypt the data key. 

104. The system of claim 103 wherein the particular client node is further configured for 
encrypting the data key at the particular client node using a second public key associated with 
another user of the pre-subscribed user group, and for transmitting the second encrypted data key 
to the remote file server node, and wherein the storage device is further configured for storing the 
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second encrypted data key at the remote file server node, wherein both the particixlar client node 
and the remote file server node lack the private key necessary to decrypt the data key. 

105. The system of claim 101 wherein the storage device is further configured for retrieving the 
encrypted data of a particular file, wherein the remote file server node is further configured for 
transmitting the encrypted data to a specific client node, and wherein the specific client node uses 
a decryption methodology knovra to the specific client node but not known at the remote file 
server node, for decrypting the data. 

106. The system of claim 101 wherein the remote file server node is further configured for 
receiving a request from a specific client node to access a particular file, for determining whether 
or not the particular access requested by the specific client node is permitted by privilege access 
rights associated with the particular file, and for only permitting the access to the particular file 
by the specific client node if permitted by the privilege access rights associated with the 
particular file. 

107. The system of claim 94 wherein the remote file server node is further configured for 
receiving a request from a specific client node to access a particular file, for determining whether 
or not the particular access requested by the specific client node is permitted by privilege access 
rights associated wdth the particular file, and for only permitting the access to the particular file 
by the specific client node if permitted by the privilege access rights associated with the 
particular file. 

108. The system of claim 94 further comprising: 
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a particular client node, 

wherein the remote file server node is further configured for transferring an 
encrypted key a particular client nodes via a secure channel, the key being encrypted using an 
encryption function not known locally at the remote file server node, 

wherein the particular client node is configured for decrypting the transferred key 
at the particular client node, and for using the key at the particular client node to decrypt 
information of a file downloaded from the remote file server node or to encrypt information of a 
file prior to uploading for storage at the remote file server node. 

109. The system of claim 108 wherein the particular client node is further configured for 
compressing the information of the file prior to uploading the file or for decompressing the 
information of the file subsequent to downloading the file. 

110. The system of claim 94 further comprising: 

a particular client node for compressing the information of the file prior to 
uploading the file or for decompressing the information of the file subsequent to dovmloading the 
file. 

111. The system of claim 94 wherein the remote file server node is also configxired for enabling 
each user of another pre-subscribed user group of one or more users to access another group of 
files via a respective client node in communication with the remote server node via the v^de area 
network, wherein each pre-subscribed user group includes a different subset of users but also 
have at least one particular user in common, 
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wherein the particular user is able to contemporaneously access files in each group. 



112. The system of claim 94 further comprising: 

one or more additional file server nodes at which the users are enabled to access 
one or more of the files. 

113. The system of claim 112 further comprising: 

a particular client node capable of communicating with the additional file server 
nodes remotely via a v^de area network, and configured for accessing a copy of a particular file 
on one of the remote file server node or a particular additional file server node which is most 
efficient for the particular client node. 

1 14. The system of claim 1 12 further comprising: 

a particular client node capable of communicating with at least a particular 
additional file server node via a local area network, and configured for accessing a copy of a 
particular file at the particular additional file server node via the local area network. 

115. A system for providing multi-user file storage comprising: 

a remote file server node for enabling each user of a pre-subscribed user group of 
one or more users operating an arbitrary client node at an arbitrary geographic location to 
communicate with a remote file server node via a wide area network, 

a storage device at the remote file server node for enabling each user of the 
pre-subscribed user group to access the files of the file group via the respective client node in 
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communication with the remote file server node via the wide area network, including permitting 
more than one user of the pre-subscribed user group to access the file group at the remote file 
server node simultaneously, and 

a particular client node, 

5 wherein the remote file server node is also configured for transferring an 

encrypted key fi-om the remote file server node to a particular client node via a secure channel, 
the key being decryptable using a decryption fiinction not known locally at the remote file server 
node, and 

wherein the particular client node is also configured for decrypting the transferred 
lO key at the particular client node, and for using the key at the particular client node to decrypt 

information of a file downloaded from the remote file server node or to encrypt information of a 

r "i 

fx file prior to uploading for storage at the remote file server node. 
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116. The system of claim 115 wherein the particular client node is also configured for 
W compressing the information of the file prior to uploading the file or decompressing the 



information of the file subsequent to downloading the file. 
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